At present, some service providers exchange information with a user's mobile terminal by means of MMS (Multimedia Message Service), SMS (Short Message Service), etc., so as to provide convenient and prompt service support and processing.
For example, a bank may provide double authentication services by delivering a password via SMS or MMS to its ATM user or electronic banking user, so that the user can manage the account remotely. Similarly, financial organizations and legal services organizations may also carry out service processing by interacting with a user's terminal.
Obviously, in the above situations, the information exchanged between the service provider and the mobile terminal needs to be kept confidential. Otherwise, once the information is intercepted, it is very likely to cause significant economic or legal loss. Even where the information does not need to be kept confidential, e.g., in information exchange between mobile terminals, a security requirement still exists because personal privacy is involved.
To ensure information security, the information is generally encrypted with a key in the prior art, so as to avoid transmission of information in plaintext form. Key encryption technology mainly comprises the following two approaches.
One is symmetric key encryption (also referred to as secret key encryption or private key encryption), i.e., a sender and a receiver encrypt and decrypt the information using the same (symmetric) key. Before sending or receiving encrypted information, the sender and the receiver must not only negotiate the key beforehand but also ensure the security of that key negotiation. If the key is leaked, the encrypted information is effectively plaintext. In addition, each symmetric key needs to be generated randomly and uniquely. For example, a key between A and B must be different from a key between A and C; otherwise, the security of the information sent (or transmitted) to B would be threatened. In such a case, n²/2 different keys are required for a group of n communication parties, so the number of keys is huge.
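Added example (not part of the original text): a Python sketch of the pairwise-key requirement described above. It shows that a message sealed under the A-B key is rejected under the A-C key, and that the exact number of pairwise keys is n(n-1)/2, which approaches the figure quoted above as n grows. The party names, the message, and the HMAC-based toy cipher (a stand-in for a real authenticated cipher) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from itertools import combinations

def pairwise_keys(parties):
    """One independent random 256-bit key per unordered pair of parties."""
    return {frozenset(pair): secrets.token_bytes(32)
            for pair in combinations(parties, 2)}

def _keystream(key, nonce, length):
    # Toy keystream: HMAC-SHA256 in counter mode. A stand-in for a real
    # cipher (e.g. AES-GCM), chosen so the example needs only the stdlib.
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Encrypt then MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_sealed(key, blob):
    """Return the plaintext, or None if the tag does not verify under key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def demo():
    keys = pairwise_keys(["A", "B", "C", "D"])       # constructed party names
    k_ab, k_ac = keys[frozenset("AB")], keys[frozenset("AC")]
    blob = seal(k_ab, b"one-time password 493817")   # constructed message
    return {
        "key_count": len(keys),                      # n(n-1)/2 pairs for n = 4
        "b_reads": open_sealed(k_ab, blob),          # B holds the A-B key
        "c_reads": open_sealed(k_ac, blob),          # C's own key is rejected
        # If A had reused the A-B key for C, C would hold k_ab and read it too.
        "c_reads_if_key_reused": open_sealed(k_ab, blob),
    }
```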
The other is asymmetric key encryption (also referred to as public key encryption), i.e., every party has a pair of corresponding keys: a public key and a private key, of which only the public key is made public. A sender encrypts the information to be sent using the receiver's public key, and the receiver decrypts the information with its own private key. Although this approach can ensure the security of the key, the sender still has to obtain the receiver's public key beforehand. This approach also suffers from complex algorithms, slow encryption and decryption, and poor efficiency.
For example, U.S. Pat. No. 7,017,181 (Identity-based-encryption Messaging System with Public Parameter Host Servers) discloses a solution in which a server is configured to manage an identity-based public key corresponding to a unique identifier of a receiver, and a sender encrypts information using the corresponding public key obtained from the server, thereby ensuring the security of the communication. In this solution, sending information to any receiver requires access to some servers in a network, which not only results in a high cost for communication assurance but also requires modification of the existing communication platform.
Evidently, in the prior art, a sender and a receiver have to negotiate before encryption and decryption to ensure the security of communication, and defects such as poor communication security or the need to access other communication entities remain. Therefore, the prior art offers no appropriate solution for ensuring the security of information transmission.